diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index fa16f7f..4a770f5 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -27,6 +27,7 @@ in {
       "hosts/common/core/editor.nix"
       "hosts/common/core/fonts.nix"
       "hosts/common/core/sudo.nix"
+      "hosts/common/core/nebula.nix"
       "hosts/common/users/primary"
       "hosts/common/users/primary/${platform}.nix"
       "modules/common"
diff --git a/hosts/common/core/nebula.nix b/hosts/common/core/nebula.nix
new file mode 100644
index 0000000..dcd2954
--- /dev/null
+++ b/hosts/common/core/nebula.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  inputs,
+  hostSpec,
+  ...
+}: let
+  s = inputs.nix-secrets.network.mesh;
+in
+  if builtins.hasAttr "${hostSpec.hostName}" s.hosts
+  then lib.warn "Hey you don't have a nebula host config for this host, we'll still build but you should fix this ASAP since you won't be inside the mesh. If you don't know how to do this please talk to your computer administrator (me haha)"
+  else {
+    services.nebula.networks.wce = {
+      inherit (s) ca;
+      inherit (s.hostSpec.hostName) cert key;
+      enable = true;
+      isLighthouse = lib.mkDefault false;
+    };
+  }